CVE-2015-1777
First published: Wed Mar 04 2015(Updated: )
Jan Bee of the Google Security Team reports: The /usr/sbin/rhnreg_ks fails to properly validate hostnames in certificates. This can result in man in the middle attacks. Please note that this issue cannot easily be exploited to cause any significant damage to a system other then preventing registration from taking place properly which the attacker would be able to do in any event if the can man in the middle the connection.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Rhn-client-tools | ||
| Redhat Gluster Storage | =2.1 | |
| Redhat Enterprise Linux | =5.0 | |
| Redhat Enterprise Linux | =6.0 | |
| Redhat Enterprise Linux | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/redhat-bugzilla
- alias/CVE-2015-1777
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- vendor/redhat
- canonical/redhat rhn-client-tools
- canonical/redhat gluster storage
- version/redhat gluster storage/2.1
- canonical/redhat enterprise linux
- version/redhat enterprise linux/5.0
- version/redhat enterprise linux/6.0
- version/redhat enterprise linux/7.0